The Inquirer-Home

Samsung Galaxy S5's fingerprint scanner has already been hacked

Puts devices and Paypal accounts at risk
Wed Apr 16 2014, 10:12

THE SAMSUNG GALAXY S5 fingerprint sensor can be easily hacked, security researchers have revealed, placing owners' devices and Paypal accounts at risk.

The Galaxy S5, which we review in the video below, is the first Samsung phone to feature a fingerprint scanner, and as we noted in our review, it works quickly and accurately. However, German security researchers at Security Research Labs have already managed to fool it.

In a blog post, the group revealed that it was able to spoof the Galaxy S5's fingerprint sensor within minutes, allowing it to gain unauthorised access to the phone. It did so by lifting a fingerprint smudge from the smartphone's screen and turning it into a dummy finger, which the Galaxy S5's fingerprint sensor promptly recognised as a valid fingerprint.

While a similar ploy was carried out on Apple's iPhone 5S, Security Research Labs noted that the Galaxy S5's fingerprint security implementation makes this exploit more dangerous, as iPhone 5S users are required to tap in a password before using fingerprint authentication, which is not required on the Galaxy S5.

This also puts Galaxy S5 users' Paypal accounts at risk, as the handset's built-in fingerprint scanner can be used to authenticate Paypal payments, and this again does not require a password.

Paypal commented on this, telling BGR in a statement, "While we take the findings from Security Research Labs very seriously, we are still confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards. Paypal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5.

"The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one. Paypal also uses sophisticated fraud and risk management tools to try to prevent fraud before it happens.

"However, in the rare instances that it does, you are covered by our purchase protection policy."

Samsung has yet to respond to our request for comment.

Check out our full Samsung Galaxy S5 review. µ

 
